Systems, methods, and apparatus for geolocation platform mechanics

ABSTRACT

Systems, apparatus, methods, and articles of manufacture provide for geolocating a user and/or a user device, based on one or more location data sources. Some embodiments may include use of a user authentication process (e.g., a two-factor authentication service) to improve confidence in the determined location of a user device. In one embodiment, a user and/or a user device may be allowed or denied access to restricted access content based on the determined location of the device.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims the benefit of priority of U.S.Provisional Patent Application No. 61/882,458 filed Sep. 25, 2013,entitled “GEOLOCATION PLATFORM MECHANICS.” The present applicationclaims the benefit of priority of U.S. Provisional Patent ApplicationNo. 61/882,453 filed Sep. 25, 2013, entitled “GEOLOCATION PLATFORMMECHANICS.” Each of the above-referenced applications is incorporated byreference in the present application.

BRIEF DESCRIPTION OF THE DRAWINGS

An understanding of embodiments described in this disclosure and many ofthe related advantages may be readily obtained by reference to thefollowing detailed description when considered with the accompanyingdrawings, of which:

FIG. 1 is a block diagram of a system according to an embodiment of thepresent invention;

FIG. 2 is a block diagram of a system according to an embodiment of thepresent invention;

FIG. 3 is a diagram of a computing device according to an embodiment ofthe present invention;

FIG. 4 is a diagram of a restricted access services system according toan embodiment of the present invention;

FIG. 5 is a flowchart of a method according to an embodiment of thepresent invention;

FIG. 6A, FIG. 6B, FIG. 6C, and FIG. 6D depict example scenarios fordetermining location data for a user device;

FIG. 7 is a flowchart of a method according to an embodiment of thepresent invention;

FIG. 8 is a flowchart of a method according to an embodiment of thepresent invention;

FIG. 9 is a flowchart of a method according to an embodiment of thepresent invention; and

FIG. 10 is a diagram of a system according to an embodiment of thepresent invention.

DETAILED DESCRIPTION

A. Introduction

Some embodiments of the present invention are generally directed toimproving the accuracy of and/or better assessing the appropriate levelof confidence in the location determined for various types of devices.One or more embodiments are directed to providing a higher level ofconfidence that geolocation results for a given device are accurate(e.g., that the device is actually located in a determined geographicalarea indicated by one or more types of geolocation services). Someembodiments provide generally for more accurate representations of thepotential geographical area in which a device is likely located. In someembodiments, a combination of information from various availableservices (e.g., on-device geolocation services, off-device geolocationservices, and authentication services) may be optimized to reduce therisk spoofing and other types of workarounds. In accordance with someembodiments, prioritizing and/or optimizing which types of geolocationservices should be used (when available), and/or when or how often theyshould be used, may advantageously decrease the power consumption by thedevices being tracked.

Determining the appropriate degree of the confidence in geolocationresults may offer advantages to various types of systems and situations.More accurate geolocation results may assist in tracking users, findingusers in emergencies, and/or improved navigation guidance. There are anumber of situations where it is advantageous to ascertain the locationof a device with respect to predetermined boundaries that define one ormore geographical areas. In one example, access to services (onlineand/or real world services) may be restricted according to where a useris located. For instance, a streamed video or audio service provider maywant to, or may be permitted to, provide streamed video or audio only tosubscribers or registered devices that are located within a certainarea, and may not provide service to subscribers or registered devicesoutside the area. Similarly, where different countries share a landborder, different entities in those different countries may beresponsible for providing services (e.g., vehicle breakdown services,police services) within their own borders but may not be responsible, ormay not be permitted, to provide such services in adjacent countries.Within one country, different entities can be responsible for differentareas. For instance, a boat breakdown service entity may be capable ofproviding resources to aid a user of a device located in an area thatrelates to a sea, lake, ocean or estuary, whereas a car breakdown entitymay be better capable of providing resources to aid the user of thedevice when located in an area that relates to land. Online access tothese entities' services can be limited such that only the appropriateentity's service can be accessed by a user of a device, based on theuser's location. Various other situations in which restricting onlineservice provision based on device location exist; some are discussed inthis disclosure, and still others may be readily understood by thoseskilled in the art in light of this disclosure.

In accordance with some embodiments of the present invention systems andmethods for securing access to restricted access services provide forreceiving, from a user device, a request to grant a user access, via theuser device, to a restricted access service that is restricted to userslocated in a predefined area. According to some embodiments, systems andmethods may further provide for one or more of: determining that theuser is in possession of a mobile device registered with the restrictedaccess service (e.g., based on a two-factor user authenticationservice); determining, using a first location data source (e.g., anon-device location data source), first location data associated with theuser device, wherein the first location data source is associated with afirst accuracy value (e.g., an accuracy radius); determining, using asecond location data source (e.g., an off-device location data source),second location data associated with the user device, wherein the secondlocation data source is associated with a second accuracy value. In oneembodiment, a system comprises a processor and a computer-readablememory in communication with the processor, the computer-readable memorystoring instructions that when executed by the processor direct theprocessor to perform one or more of the functions described above.

According to some embodiments, systems and methods for devicegeolocation may comprise determining, based on the first accuracy valueand the second accuracy value, which of the first or the second locationdata sources is the more accurate and/or determining that one of thedata location sources is not less accurate than the other location datasource. In some embodiments, the more accurate location data source maybe referred to as the “primary” location data source.

According to some embodiments, systems and methods for geolocationsystem may further provide for one or more of: determining a firstgeographical area based on the first location data and the firstaccuracy value; determining that the first geographical area is whollylocated within the predefined area; determining a second geographicalarea based on the second location data and the second accuracy value;and determining whether at least one of the following conditions issatisfied: (i) the first geographical area and the second geographicalarea overlap, and (ii) the second geographical area is wholly locatedwithin the predefined area.

According to some embodiments, systems and methods for devicegeolocation system may further provide for one or more of: afterdetermining whether at least one of the conditions is satisfied anddetermining whether the user is in possession of the mobile deviceregistered with the restricted access service, determining whether theuser device is located in the predefined area; and allow or denying theuser device to access the restricted access service.

In accordance with some embodiments of the present invention, one ormore systems, apparatus, methods, articles of manufacture, and/orcomputer readable media (e.g., a non-transitory computer readable memorystoring instructions for directing a processor) provide for determining,using an on-device location data source, first location data associatedwith a device. According to some embodiments, the on-device locationdata source may comprise, for example and without limitation, one ormore of: GPS, wireless network device locations (e.g., based on thelocations of BSSIDs identifying Wi-Fi® network devices or identifiedwireless devices on other types of wireless networks), cellular networktriangulation, and/or cellular or mobile network tower sites (alsoreferred to in this disclosure as “cell towers” or “cell sites”).Although this disclosure may refer to “towers” when discussingcomponents of cellular and/or other types of communications networks, itwill be understood that this is not limited to actual “tower” or “mast”structures, but that “cell tower” may refer to any fixed or mobilecellular network site (e.g., including a transmitter, receiver, ortransceiver) used to create a cell for a cellular network. In one ormore embodiments, the on-device location data source is associated withan accuracy value (e.g., an accuracy range of the on-device locationdata source, an accuracy radius). Some embodiments further may comprisedetermining a first geographical area based on the first location dataand the first accuracy value associated with the on-device location datasource. In one embodiment, the first location data may include anindication of a first geographic location identified by the on-devicelocation data source (e.g., GPS coordinates). According to someembodiments, determining the first geographical area comprisesdetermining the first geographical area based on the accuracy radius andthe first geographic location (e.g., determining a circular area definedby an accuracy radius from a determined set of GPS coordinates).

In accordance with some embodiments of the present invention, one ormore systems, apparatus, methods, articles of manufacture, and/orcomputer readable media (e.g., a non-transitory computer readable memorystoring instructions for directing a processor) provide for one or moreof:

-   -   a) determining, using a first location data source (e.g., an        on-device or off-device location data source), first location        data associated with a device (e.g., wherein the first location        data indicates a geolocation of the device);    -   b) determining, using a second location data source (e.g., an        on-device or off-device location data source), second location        data associated with the device (e.g., wherein the second        location data indicates a geolocation of the device);    -   c) determining, based on the first and second location data,        whether the device is within a predefined area (e.g., within a        country, state, province, county, town, etc.,); and    -   d) determining whether a user (e.g., a subscriber or other        registered user) is in possession of and/or co-located with the        device.        B. General Systems and Structures

Referring first to FIG. 1, a block diagram of a system 100 according tosome embodiments is shown. In some embodiments, the system 100 maycomprise a plurality of user devices 102 a-n, a network 104, athird-party device 106, and/or a restricted access services system 180.As depicted in FIG. 1, any or all of the devices 102 a-n, 106, 180 (orany combinations thereof) may be in communication via the network 104.In some embodiments, the system 100 may be utilized to provide onlineservices to which access is restricted to certain users or types ofusers (e.g., services limited to users in a predetermined geographicarea such as a country, county or state). The restricted access servicessystem 180 may, for example, interface with one or more of the userdevices 102 a-n and/or the third-party device 106 to acquire, gather,aggregate, process, and/or utilize user, geolocation, mobile device,and/or other data or metrics in accordance with embodiments described inthis disclosure. In some embodiments, the restricted access servicessystem may comprise a geolocation verification system 170 fordetermining, analyzing, and/or verifying a location of users and/or oneor more devices (e.g., mobile devices, desktop devices) associated withusers. In one example, a geolocation verification system 170 maydetermine whether a user of a restricted access service is in an areawhere that service can be provided, and if so, the restricted accessservices system 180 may permit the user to access the service.

Fewer or more components 102 a-n, 104, 106, 180 and/or variousconfigurations of the depicted components 102 a-n, 104, 106, 180 may beincluded in the system 100 without deviating from the scope ofembodiments described herein. In some embodiments, the components 102a-n, 104, 106, 180 may be similar in configuration and/or functionalityto similarly named and/or numbered components as described herein. Insome embodiments, the system 100 (and/or portion thereof) may comprise aservices platform programmed and/or otherwise configured to execute,conduct, and/or facilitate any of the various methods and/or portions orcombinations thereof described herein.

The user devices 102 a-n, in some embodiments, may comprise any types orconfigurations of computing, mobile electronic, network, user, and/orcommunication devices that are or become known or practicable. The userdevices 102 a-n may, for example, comprise one or more Personal Computer(PC) devices, computer workstations (e.g., underwriter workstations),tablet computers such as an iPad® manufactured by Apple®, Inc. ofCupertino, Calif., and/or cellular and/or wireless telephones such as aniPhone® (also manufactured by Apple®, Inc.) or a G3™ smart phonemanufactured by LG® Electronics, Inc. of San Diego, Calif., and runningthe Android® operating system from Google®, Inc. of Mountain View,Calif. In some embodiments, the user devices 102 a-n may comprisedevices owned and/or operated by one or more users such as customers ofan online service. According to some embodiments, the user devices 102a-n may communicate with the restricted access services system 180 viathe network 104, such as to register with a services provider, requestaccess to online services, and/or transmit information about a locationof a user device to geolocation verification system 180.

In some embodiments, the user devices 102 a-n and/or the third-partydevice 106 may comprise one or more servers and/or controller devicesconfigured and/or coupled to determine geolocation informationassociated with a user and/or a user device. In some embodiments, suchgeolocation information may be provided to the geolocation verificationsystem 170 and/or restricted access services system 180, such as fordetermining a location of a user and/or a user device.

The network 104 may, according to some embodiments, comprise a LocalArea Network (LAN; wireless and/or wired), cellular telephone,Bluetooth®, and/or Radio Frequency (RF) network with communication linksbetween the restricted access services system 180, the user devices 102a-n, and/or the third-party device 106. In some embodiments, the network104 may comprise direct communications links between any or all of thecomponents 102 a-n, 106, 180 of the system 100. The user devices 102 a-nmay, for example, be directly interfaced or connected to one or more ofthe geolocation verification system 170, the restricted access servicessystem 180 and/or the third-party device 106 via one or more wires,cables, wireless links, and/or other network components, such networkcomponents (e.g., communication links) comprising portions of thenetwork 104. In some embodiments, the network 104 may comprise one ormany other links or network components other than those depicted inFIG. 1. The user devices 102 a-n may, for example, be connected to therestricted access services system 180 via various cell towers, routers,repeaters, ports, switches, and/or other network components thatcomprise the Internet and/or a cellular telephone (and/or PublicSwitched Telephone Network (PSTN)) network, and which comprise portionsof the network 104.

While the network 104 is depicted in FIG. 1 as a single object, thenetwork 104 may comprise any number, type, and/or configuration ofnetworks deemed practicable for a particular implementation. Accordingto some embodiments, the network 104 may comprise a conglomeration ofdifferent sub-networks and/or network components interconnected,directly or indirectly, by the components 102 a-n, 106, 170, 180 of thesystem 100. The network 104 may comprise one or more cellular telephonenetworks with communication links between the user devices 102 a-n andthe restricted access services system 180, for example, and/or maycomprise the Internet, with communication links between the restrictedaccess services system 180 and the third-party device 106, for example.

The third-party device 106, in some embodiments, may comprise any typeor configuration of computerized processing device(s) such as a PC,laptop computer, computer server, database system, and/or otherelectronic device, devices, or any combination thereof. In someembodiments, the third-party device 106 may be owned and/or operated bya third-party (i.e., an entity different than any entity owning and/oroperating either the user devices 102 a-n or the restricted accessservices system 180). The third-party device 106 may, for example, beowned and/or operated by a data and/or data service provider (e.g., anonline maps and/or navigation service, a GPS service, a Wi-Fi router, aBSSID location data service, a communications carrier, a mobile networkoperator, a user authentication service). In some embodiments, thethird-party device 106 may supply and/or provide data such as user,geolocation, and/or other data to the geolocation verification system170, the restricted access services system 180 and/or the user devices102 a-n. In some embodiments, the third-party device 106 may comprise aplurality of devices and/or may be associated with a plurality ofthird-party entities.

In some embodiments, the restricted access services system 180 and/orthe geolocation verification system 170 may comprise an electronicand/or computerized controller device, such as a computer servercommunicatively coupled to interface with the user devices 102 a-nand/or the third-party device 106 (directly and/or indirectly). Therestricted access services system 180 may, for example, comprise one ormore PowerEdge™ M910 blade servers manufactured by Dell®, Inc. of RoundRock, Tex. which may include one or more Eight-Core Intel® Xeon® 7500Series electronic processing devices. According to some embodiments, therestricted access services system 180 may be located remote from one ormore of the user devices 102 a-n and/or the third-party device 106. Therestricted access services system 180 may also or alternatively comprisea plurality of electronic processing devices located at one or morevarious sites and/or locations.

According to some embodiments, the geolocation verification system 170and/or the restricted access services system 180 may store and/orexecute specially programmed instructions to operate in accordance withembodiments described herein. The geolocation verification system 170may, for example, execute one or more programs that facilitatedetermining the location of users and/or user devices. According to someembodiments, the geolocation verification system 170 may comprise acomputerized processing device such as a PC, laptop computer, computerserver, and/or other electronic device to manage and/or facilitateanalysis and/or communications regarding the user devices 102 a-n. Anonline content provision website, online voting service, governmentservices website may, for example, may receive requests from users toutilize such services, which may be restricted to users in certainjurisdictions. In one example, only users in a particular country orstate may be allowed to consume content online from a website authorizedto provide online content services in that jurisdiction. The geolocationverification system 170, for example, may be utilized to determineand/or verify the location of users and/or user devices requesting toaccess restricted access services. The restricted access services system180 and/or geolocation verification system 170 may be used, for example,to (i) register users with the restricted access services system 180,(ii) login and/or authenticate users attempting to access onlineservices, (iii) determine geolocation data from one or more locationdata sources, (iv) analyze geolocation data (e.g., in accordance withgeolocation analysis rules) to determine a location of a user and/oruser device (e.g., a cell phone or other mobile device), and/or (v)determine whether a user is allowed or denied access to content of therestricted access services system 180 (e.g., based on a determinedlocation of a user device).

In one or more embodiments user device(s) 102 a comprise one or moredevices (e.g., a desktop computer and a cell phone or other mobiledevice) owned and/or operated by a user (or potential user) ofrestricted access services system 180. Accordingly, in some embodimentsthe configuration of system 100 applies a technical solution(facilitated by one or more types of specific computing devicesdescribed in this disclosure) and substantially limited to addressingparticular problems with technical solutions improving aspects oftelecommunications, computer networking, user authentication, and/orcompute system security. For example, in accordance with someembodiments, the system 100 may allow an online services provider toestablish rules for determining and/or analyzing information about thelocation of users and/or devices, and/or allow or deny access to varioustypes of computer systems based on geolocation information and/orgeolocation analysis, as described in this disclosure.

Referring to FIG. 2, a block diagram of a system 200 is shown accordingto some embodiments. In some embodiments, the system 200 may comprisedevice(s) 204 in communication (e.g., via a communications network (notshown)) with restricted access server 202, global positioning system(GPS) 210, wireless device(s) 212, and/or BSSID location service 213.

In some embodiments, the system 200 may be utilized to provide onlineservices, some of which may be restricted to users in a predefinedjurisdiction (e.g., a state, province, territory, county, city,township, or other predetermined geographical area). The user device204, as depicted in FIG. 2, may comprise one or more non-carrier devices206 a and/or may comprise one or more mobile devices 206 b. For example,a non-carrier device 206 a may comprise a desktop computer, tabletcomputer, set-top box, console gaming system, or other type of computingdevice that is not connected to a cellular telephone network or othertelecommunications carrier network. In another example, a device maycomprise a mobile device 206 b (e.g., a cellular phone, tablet computerwith a carrier data plan, or the like) that may be connected to acellular telephone network or other telecommunications carrier network.Accordingly, system 200 may comprise a mobile device 206 b incommunication (e.g., with a carrier's communication network) with one ormore carrier mobile towers 214 and/or carrier network servers 208.

According to some embodiments, the system 200 may comprise a registeredmobile device 207 in communication with the carrier mobile tower(s) 214.As described with respect to some processes discussed in thisdisclosure, a user may register a cell phone or other mobile device withrestricted access server 202 (e.g., as part of an initial registrationprocess with a website). A registered mobile device 207 may be used, insome embodiments, as part of a user login and/or authentication process,to verify (i) that a user is in possession of the registered mobiledevice 207 and/or (ii) that the user is co-located with the user device204. According to some embodiments, the mobile device 206 b being usedas a device may be a registered mobile device. In one or moreembodiments, a user authentication and/or geolocation analysis processmay comprise the restricted access server 202 determining whether a useris associated with a registered mobile device. If so the restrictedaccess server 202 may initiate a user authentication service (e.g.,hosted by the server and/or provided by a third party authenticationserver) that transmits to the registered mobile device 207 anauthentication code, such as a one-time or temporary authentication codegenerated and/or received from a two-factor authentication service(e.g., Authenticator™ service by Google, Inc.; Duo™ services by DuoSecurity). The restricted access server 202 may, for example, prompt theuser to enter the authentication code via a user interface presented onthe user device 204. Upon receiving a code from the user device 204, theauthentication service compares the received code to the authenticationcode sent to the registered mobile device 207. If the codes match, therestricted access server 202 may store (e.g., in a geolocationinformation database) an indication that the user is in possession ofthe registered mobile device 207 and/or that the registered mobiledevice 207 is co-located with the user device 204 (if different from theregistered mobile device 207).

According to some embodiments, registered mobile device 207 and/ormobile device 206 b may be in communication with

The restricted access server 202 may, for example, interface with userdevice 204 and/or carrier network server(s) 208, to request, acquire,gather, aggregate, process, and/or utilize user, geolocation, userdevice, registered mobile device, and/or other data or metrics in orderto determine a location of user device 204 in accordance with one ormore embodiments described in this disclosure (e.g., in order to allowor deny user access to online services and/or applications). In someembodiments, software instructions running on a user device 204 (e.g.,implemented via HTML5 executed in a browser application and/or via anative client application) may facilitate one or more functions of thegeolocation analysis process. Accordingly, steps described as beingperformed by the restricted access server 202 may, in some embodiments,be performed by a processor of a user device executing softwareinstructions (e.g., downloaded by a user from a website or online storefor smartphone apps).

In some embodiments, the restricted access server 202 may comprise ageolocation verification system (e.g., system 170 of FIG. 1) fordetermining, analyzing, and/or verifying a location of users and/or oneor more devices (e.g., mobile device 206 b, non-carrier device 206 a,and/or registered mobile device 207) associated with users. In someembodiments, a device geolocation process may comprise determining, by auser device, location data based on information received from one ormore geolocation data sources, such as GPS 201, wireless device(s) 212(e.g., Wi-Fi wireless network routers), basic service set identification(BSSID) location service 213, and/or carrier mobile tower(s) 214 usingthe cellular radio of the user device (also referred to in thisdisclosure as “on-device” location data sources), and transmitting thedetermined location data to a geolocation verification system (e.g.,hosted by restricted access server 202) for geolocation analysis. Someexamples of BSSID location services are described below with respect toFIG. 4.

In some embodiments, the restricted access server 202 may request andreceive location data for a mobile device 206 b and/or registered mobiledevice 207 from the carrier network server(s) 208, which receivesinformation about the location of the mobile device 206 b and/orregistered mobile device 207 from the carrier mobile tower(s) 214. Inone embodiment, the restricted access server 202 may first determinewhether a user has registered to allow the server to check the locationof the registered mobile device 207.

According to some embodiments, a geolocation verification system (notshown) of the restricted access server 202 may utilize the location data(e.g., location data received from the user device 204 and/or thecarrier network system(s) 208) to determine whether the user device 204is in a jurisdiction that permits access to restricted access content orservices, and if so, permit the user to receive or access such content.

Fewer or more components 202, 204, 206 a-b, 207, 208, 210, 212, 213, 214and/or various configurations of the depicted components of FIG. 2 maybe included in the system 200 without deviating from the scope ofembodiments described herein. In some embodiments, the components 202,204, 206 a-b, 207, 208, 210, 212, 213, 214 may be similar inconfiguration and/or functionality to similarly named components asdescribed herein. In some embodiments, the system 200 (and/or portionthereof) may comprise a restricted access services platform programmedand/or otherwise configured to execute, conduct, and/or facilitate anyof the various methods and/or portions or combinations thereof describedherein.

Turning to FIG. 3, a block diagram of an apparatus 300 according to someembodiments is shown. In some embodiments, the apparatus 300 may besimilar in configuration and/or functionality to any of the user devices102 a-n, user device 204, non-carrier device 206 a, mobile device 206 b,registered mobile device 207, third-party device 106, and/or thesystems, servers and/or controller devices 170, 180, restricted accessserver 202 in this disclosure, and/or may otherwise comprise a portionof the systems 100, 200, 400 in this disclosure. The apparatus 300 may,for example, execute, process, facilitate, and/or otherwise beassociated with the methods described in this disclosure.

In some embodiments, the apparatus 300 may comprise a processor 310, aninput device 306, an output device 380, a communication device 360,and/or a memory device 308. According to some embodiments, any or all ofthe components 310, 306, 380, 360, 308 of the apparatus 300 may besimilar in configuration and/or functionality to any similarly namedand/or numbered components described in this disclosure. Fewer or morecomponents 310, 306, 380, 360, 308 and/or various configurations of thecomponents 310, 306, 380, 360, 308 may be included in the apparatus 300without deviating from the scope of embodiments described in thisdisclosure.

According to some embodiments, the processor 310 may be or include anytype, quantity, and/or configuration of electronic and/or computerizedprocessor that is or becomes known. The processor 310 may comprise, forexample, an Intel® IXP 2800 network processor or an Intel® XEON™Processor coupled with an Intel® E7501 chipset. In some embodiments, theprocessor 310 may comprise multiple inter-connected processors,microprocessors, and/or micro-engines. According to some embodiments,the processor 310 (and/or the apparatus 300 and/or portions thereof) maybe supplied power via a power supply (not shown) such as a battery, anAlternating Current (AC) source, a Direct Current (DC) source, an AC/DCadapter, solar cells, and/or an inertial generator. In the case that theapparatus 300 comprises a server such as a blade server, necessary powermay be supplied via a standard AC outlet, power strip, surge protector,a PDU, and/or Uninterruptible Power Supply (UPS) device.

In some embodiments, the input device 306 and/or the output device 380are communicatively coupled to the processor 310 (e.g., via wired and/orwireless connections and/or pathways) and they may generally compriseany types or configurations of input and output components and/ordevices that are or become known, respectively. The input device 306 maycomprise, for example, a keyboard that allows an operator of theapparatus 300 to interface with the apparatus 300 (e.g., by a player,such as to register and/or participate in an online service as describedin this disclosure). In some embodiments, the input device 306 maycomprise a sensor configured to provide information (e.g., a useridentifier) to the apparatus 300 and/or the processor 310. The outputdevice 380 may, according to some embodiments, comprise a display screenand/or other practicable output component and/or device. The outputdevice 380 may, for example, provide a user interface (not explicitlyshown in FIG. 3) to a user (e.g., via a restricted access website).According to some embodiments, the input device 306 and/or the outputdevice 380 may comprise and/or be embodied in a single device such as atouch-screen monitor.

In some embodiments, the communication device 360 may comprise any typeor configuration of communication device that is or becomes known orpracticable. The communication device 360 may, for example, comprise anetwork interface card (NIC), a telephonic device, a cellular networkdevice, a router, a hub, a modem, and/or a communications port or cable.In some embodiments, the communication device 360 may be coupled toprovide data to a user device (not shown in FIG. 3), such as in the casethat the apparatus 300 is utilized to provide a user interface to a useras described in this disclosure. The communication device 360 may, forexample, comprise a cellular telephone network transmission device thatsends signals indicative of user interface components to a user'shandheld, mobile, and/or telephone device. According to someembodiments, the communication device 360 may also or alternatively becoupled to the processor 310. In some embodiments, the communicationdevice 360 may comprise an IR, RF, Bluetooth™, and/or Wi-Fi® networkdevice coupled to facilitate communications between the processor 310and another device (such as a user device and/or a third-party device).

The memory device 308 may comprise any appropriate information storagedevice that is or becomes known or available, including, but not limitedto, units and/or combinations of magnetic storage devices (e.g., a harddisk drive), optical storage devices, and/or semiconductor memorydevices such as RAM devices, Read Only Memory (ROM) devices, Single DataRate Random Access Memory (SDR-RAM), Double Data Rate Random AccessMemory (DDR-RAM), and/or Programmable Read Only Memory (PROM). Thememory device 308 may, according to some embodiments, store one or moreof restricted application instructions 312-1 and/or geolocationverification instructions 312-2. In some embodiments, the restrictedapplication instructions 312-1 and/or geolocation verificationinstructions 312-2 may be utilized by the processor 310 to provideoutput information via the output device 380 and/or the communicationdevice 360.

According to some embodiments, the restricted application instructions312-1 may be operable to cause the processor 310 to process user data344-1, geolocation data 344-2, and/or restricted application data 344-2.Player data 344-1, geolocation data 344-2, and/or restricted applicationdata 344-2 received via the input device 306 and/or the communicationdevice 360 may, for example, be analyzed, sorted, filtered, decoded,decompressed, ranked, scored, plotted, and/or otherwise processed by theprocessor 310 in accordance with the restricted application instructions312-1 and/or geolocation verification instructions 344-2.

Any or all of the exemplary instructions and data types described inthis disclosure and other practicable types of data may be stored in anynumber, type, and/or configuration of memory devices that is or becomesknown. The memory device 308 may, for example, comprise one or more datatables or files, databases, table spaces, registers, and/or otherstorage structures. In some embodiments, multiple databases and/orstorage structures (and/or multiple memory devices 308) may be utilizedto store information associated with the apparatus 300. According tosome embodiments, the memory device 308 may be incorporated into and/orotherwise coupled to the apparatus 300 (e.g., as shown) or may simply beaccessible to the apparatus 300 (e.g., externally located and/orsituated).

Referring now to FIG. 4, a block diagram of a system 400 according tosome embodiments is shown. In some embodiments, the system 400 maycomprise a plurality of data sources 402 and restricted access servicesplatform 410. In some embodiments, the system 400 and/or the restrictedaccess services platform 410 may comprise a plurality of storedprocedures 412 and/or restricted access services data 414. According tosome embodiments, any or all of the components 402, 410, 412, 414 of thesystem 400 may be similar in configuration and/or functionality to anysimilarly named and/or numbered components described in this disclosure.Fewer or more components 402, 410, 412, 414 (and/or portions thereof)and/or various configurations of the components 402, 410, 412, 414 maybe included in the system 400 without deviating from the scope ofembodiments described herein. Any component 402, 410, 412, 414 depictedin the system 400 may comprise a single device, a combination of devicesand/or components 402, 410, 412, 414, and/or a plurality of devices, asis or becomes desirable and/or practicable. Similarly, in someembodiments, one or more of the various components 402, 410, 412, 414(e.g., one or more types of data sources) may not be needed and/ordesired in the system 400.

According to some embodiments, any or all of the data sources 402 may becoupled to, configured to, oriented to, and/or otherwise disposed toprovide and/or communicate data to the restricted access servicesplatform 410. A mobile device 402 a (e.g., a smart phone registered witha restricted access service, a cell phone being utilized to requestaccess to the restricted access services), a non-carrier device 402 b(e.g., a networked computing device, such as a desktop computer or tablecomputer, not associated with a carrier network or data plan), a carriernetwork data source 402 c (e.g., a carrier server device storing and/orproviding location data for a user device), a mobile network tower 402 d(e.g., a cell tower that is part of a carrier's cellular network), aBSSID data source 402 e, an authentication code data source 402 f (e.g.,a database operated by and/or accessed by a user authentication serviceto provide user authentication codes), a GPS data source 402 g (e.g., aGPS satellite, a GPS receiver of a mobile device), and/or a spoofingdetection service 402 h (e.g., a native service of a mobile device thatconducts one or more types of spoofing checks). In some embodiments, thedata from the data sources 402 a-h may comprise geolocation and/or otherdata descriptive of and/or otherwise associated with a user and/or auser device, and which may be used for the purpose of evaluating whetherthe user device is located in a particular geographical area.

According to some embodiments, the BSSID data source 402 e may beprovided by a location service that can look up the location of a Wi-Finetwork based on its unique basic service set identification (BSSIDand/or by its informal service set identification (SSID). A BSSID datasource may be, for example, a publicly-available data source, such asGoogle Maps™ by Google, Inc., storing information identifying Wi-Finetworks and/or Wi-Fi router devices and their respective locationsbased on the BSSIDs received or detected by a user device with Wi-Ficapability.

In some embodiments, the data stored in any or all of the databases 402a-h may be utilized by the restricted access services platform 410. Therestricted access services platform 410 may, for example, execute and/orinitiate one or more of the stored procedures 412 to process the data inthe databases 402 a-h and/or restricted access services data 414 (or oneor more portions thereof) and/or to define one or more tables or othertypes of data stores (e.g., for use in registering a user with arestricted access server, logging a user into a restricted accesswebsite, determining and/or analyzing geolocation data, and/ordetermining a location of a user and/or user device). In someembodiments, the stored procedures 412 may comprise one or more of userregistration procedure 412 a, user login procedure 412 b, userauthentication procedure 412 c, geolocation analysis procedure 412 d,and/or restricted access services procedure 412 e.

According to some embodiments, the execution of the stored procedures412 a-e may define, identify, calculate, create, reference, access,update and/or determine one or more data tables or other data stores. Insome embodiments, one or more of the data sources 402 a-h and/orassociated data tables 414 a-d determined via one or more of storedprocedures 412 a-e may store information about one or more users, userdevices, geolocation data, geolocation analysis rules, and/or one ormore online services. Accordingly, any references to databases 402 a-hin describing various embodiments in this disclosure may be understoodas applying to, alternatively or in addition, one or more data stores414 a-d.

According to some embodiments, user registration procedure 412 a may beconfigured to register a new user of a restricted access server (e.g.,register a user to access content made available to users in certaingeographical areas via a website). In some embodiments, as depicted inthe example “New Customer” flow of HTML5 browser signup flow 700 of FIG.7 and example “New Customer” native client initialization flow 800 ofFIG. 8, different signup procedures may be utilized based on whether auser is using a browser application (e.g., based on HTML5) or a nativeclient application. As depicted in the example signup flows 500, 600, auser registration procedure 412 a may comprise determining (i) whether auser has a mobile device and/or (ii) determining whether a user agreesto have the location of the user's mobile device determined using acarrier geolocation process (e.g., by determining which tower(s) themobile device may have accessed).

In one or more embodiments, user login procedure 412 b may includeinstructions to direct a processor of a computerized processing device(e.g., of a user device) to receive and evaluate (e.g., based on user DB414 a) a request by a user to log in to a restricted access websiteand/or access restricted content or services. Further, in one or moreembodiments, as depicted in the example “Existing Customer” flow ofHTML5 browser signup flow 700 of FIG. 7 and example “Existing Customer”native client initialization flow 800 of FIG. 8, user authenticationprocedure 412 c may include instructions to direct the computerizedprocessing device to determine (e.g., based on user DB 414 a and/or usergeolocation DB 414 b) whether a user is registered to be authenticatedby a carrier geolocation process. If so, as depicted in FIG. 7 and FIG.8, a two-factor authentication process may be initiated (e.g., bysending an authentication code to a mobile device registered with therestricted access server, and verifying any code received from the userdevice by which the user is attempting to log in to access restrictedcontent) to determine whether the user is in possession of a registeredmobile device and/or determining that a registered mobile device isco-located with a user device by which the user is attempting to accessa restricted access website or other restricted content.

In one or more embodiments, geolocation analysis procedure 412 d mayinclude instructions to direct a processor of a computerized processingdevice (e.g., of a user device and/or restricted access server) toexecute software instructions to (i) determine respective location databased on one or more location data sources (e.g., by retrieving locationdata from user geolocation DB 414 b; and/or storing determined locationdata in user geolocation DB 414 b), (ii) determine one or moregeolocation rules, respective accuracy values for one or more locationdata sources, relative ranking of location data sources, and/orgeolocation scenarios (e.g., stored in geolocation rules DB 414 c) foranalyzing the location data, (iii) determine a location of a user deviceand/or registered mobile device, (iv) determine whether a user device islocated in a predefined area (e.g., in a particular state or country),and/or (v) determining whether to allow or deny a user and/or userdevice access to restricted content (e.g., allow or deny a user deviceaccess to content restricted to a certain area or areas).

In one or more embodiments, restricted access services procedure 412 emay include instructions to direct a processor of a computerizedprocessing device (e.g., of a user device and/or restricted accessserver) to execute software instructions (e.g., based on gameinformation in restricted services DB 414 d) to provide for therestricted access services (e.g., an online service only available toregistered users playing with user devices in a particular country,state, or province).

The process diagrams and flow diagrams described herein do notnecessarily imply a fixed order to any depicted actions, steps, and/orprocedures, and embodiments may generally be performed in any order thatis practicable unless otherwise and specifically noted. Any of theprocesses and methods described herein may be performed and/orfacilitated by hardware, software (including microcode), firmware, orany combination thereof. For example, a storage medium (e.g., a harddisk, data storage device, Random Access Memory (RAM) device, cachememory device, Universal Serial Bus (USB) mass storage device, and/orDigital Video Disk (DVD)) may store thereon instructions that whenexecuted by a machine (such as a computerized processor) result inperformance according to any one or more of the embodiments described inthis disclosure.

C. Processes

According to some embodiments, processes described in this disclosuremay be performed and/or implemented by and/or otherwise associated withone or more specialized and/or computerized processing devices (e.g.,the devices described in this disclosure), specialized computers,computer terminals, computer servers, computer systems and/or networks,and/or any combinations thereof. In some embodiments, methods may beembodied in, facilitated by, and/or otherwise associated with variousinput mechanisms and/or interfaces.

Any processes described in this disclosure do not necessarily imply afixed order to any depicted actions, steps, and/or procedures, andembodiments may generally be performed in any order that is practicableunless otherwise and specifically noted. Any of the processes and/ormethods described in this disclosure may be performed and/or facilitatedby hardware, software (including microcode), firmware, or anycombination thereof. For example, a storage medium (e.g., a hard disk,Universal Serial Bus (USB) mass storage device, and/or Digital VideoDisk (DVD)) may store thereon instructions that when executed by amachine (such as a computerized processing device) result in performanceaccording to any one or more of the embodiments described in thisdisclosure.

Referring now to FIG. 5, a flow diagram of a method 500 according tosome embodiments is shown. According to some embodiments, the method 500may comprise determining first location data (e.g., based on a firstlocation data source) for a device, at 502, and determining a firstgeographical area, at 504. As described in this disclosure, determininglocation data may comprise determining a position, geographicallocation, GPS coordinates, and/or other type of location data, based onany of various types of location data sources, including but not limitedto GPS, Wi-Fi, mobile tower site location and/or triangulation, internetprotocol (IP) address, and carrier location. As described in thisdisclosure, in some embodiments the location data source may be anon-device location data source (e.g., derived from or received via auser device being located) or an off-device location data source (e.g.,received from a mobile device carrier).

The following provides an overview of various example data sources thatmay be used, in accordance with some embodiments, to determine adevice's location and/or the location of a user associated with adevice.

GPS:

GPS is widely available on mobile devices and is highly accurate. Itsaccuracy typically ranges between 3 m and 10 m, depending on the GPSchipset used and/or the number of satellites that are visible whenperforming the lookup. Generally, four satellites are required forhighly accurate location, but three may suffice. However, using GPStends to drain the battery of a mobile device as it requires constantpower. GPS lookups are also relatively slow, due to the time taken tosynchronize with a geo-satellite.

Wi-Fi Location/Triangulation:

Numerous databases of public and private Wi-Fi wireless router BSSIDs orSSIDs and their corresponding geographical locations are available. Thelocation of a user device may be determined using one or more wirelessrouters (e.g., by triangulating using the locations of all the wirelessrouter BSSIDs or SSIDs a mobile device can detect). The accuracy ofWi-Fi-based location data typically depends on the density or number ofWi-Fi identifiers in the specified location and/or the signal strengthof the wireless devices. In a populated area, this is generally 10 to 20m, with the maximum range dictated by the maximum distance a wirelesssignal can travel (generally 200 m). In a sparsely populated area, Wi-Fitriangulation may become unusable if there are not enough BSSIDsaccessible to determine the location. In one example, a location servicemay utilize a Wi-Fi device to detect other Wi-Fi devices and obtaintheir BSSIDs. The service may then look up the acquired BSSIDs in aWi-Fi database (e.g., which may contain millions of these identifiersand their associated locations). Once locations for the BSSIDs areobtained, the location service may, in some embodiments, determine whichof the available BSSIDs are in the same general latitude/longitudelocation. For instance, if three available BSSIDs indicate locationswithin New York City, but one shows a location in Los Angeles, thelatter one may be discarded. Those identified locations deemed mostaccurate may be triangulated to determine the relative location of theuser device.

Cell Site Triangulation:

The location of a user device may be determined, in accordance with someembodiments, by examining the cell tower sites a phone can detect and/orthat the phone has previously been connected to. Advantages of celltower location include the relative speed of locating the device and thefact that it has little or no additional impact on typical batteryusage, as the client device is already constantly connecting to cellsites in order to maintain a cellular connection. The accuracy of thislocation data source typically depends on the density or number of cellsites in the area of the mobile device and/or the signal strength of thecell sites. In densely built-up areas, for example, a cellular networksignal travels for a shorter distance, and mobile carriers typicallyinstall more cell sites. Higher density of cell sites results ingreatest accuracy, down to approximately 50 m. In sparsely populatedareas such as the countryside, for example, a signal may potentiallytravel up to 25 km, so mobile service carriers tend to install fewercell sites. Accordingly, if the preceding scenario only one cell site iswithin range, the worst case accuracy value is 25 km. On average, if atleast three cell sites are accessible, the accuracy range is within 1500m.

Cell Site Identification:

If only one cellular network site is available, the accuracy of thelocation data solely depends on the site's range. In some instances itis possible to get location accuracy down to 500 m based on a singlesite; however, accuracy values are generally around 2 km. The range of asite depends on the number of sites that serve a given area. In thecountryside, as discussed above, cell sites may serve signals up to arange of 25 km.

Internet Protocol (IP) Address:

Location services based on IP addresses (e.g., GEO-IP) have been ingeneral use for several years. Such services typically rely on Internetservice providers (ISPs) to sub-divide the IP blocks they serve intoregional areas, thereby allowing a particular device to be located bythe region to which its static, assigned IP address belongs.Unfortunately this is only useful for static (e.g., cable) connections,and does not work for mobile carriers, as IP blocks are not limited tocertain areas. Consequently, the IP address assigned to a client by amobile carrier cannot be used to locate the player. Relative to theother location data sources described here, IP location is the leastaccurate.

Determining a geographical area may comprise, in some embodiments,determining the geographical area based on a particular position (e.g.,cell tower site) or triangulated location and an accuracy radius orother type of accuracy value associated with the location data source.In some embodiments, respective accuracy values may be determined foreach of one or more different types of location data sources (e.g., andstored in a database of geolocation rules). For example, the followingtable provides example accuracy values and example times required fordetermining location data using some example location data sources:

Wi-Fi Cell Site Cell Site Internet Trian- Trian- Identi- Protocol GPSgulation gulation fication (IP) Minimum 3 m 20 m 50 m 500 m 40 km Range(meters) Average/ 3 m 50 m 500 m 1500 km 40 km Standard (meters) Maximum10 m  200 m  25 km 25 km Unbounded Range (meters) Time to 15-40 1-2 1-23-9 1-2 Locate seconds seconds seconds seconds seconds

In one example, a GPS location data source may be associated with anaccuracy value from 3 m to 10 m (e.g., the current accuracy value may bedetermined at the time the data source is utilized). In another example,a particular standard (e.g., an average) may be used as the accuracyvalue (e.g., 3 m) if GPS is used. In some cases, the accuracy value maycorrespond to a radius from the determined position, and determining thegeographical area based on the determined location and the accuracyvalue, may comprise defining an area (e.g., a substantially circulararea) that is within the associated radius from the position (e.g.,within 200 m from the determined position).

According to some embodiments, the method 500 may comprise determiningsecond location data for the device, at 506, and determining a secondgeographical area, at 508. In some embodiments, the second location datapreferably is derived from a second location data source that isdifferent from the location data source used to determine the firstlocation data. For example, the first location data may be based on anon-device location data source (e.g., GPS) and the second location datamay be based on an off-device location data source (e.g., carrierlocation), or vice versa. In another example, both the first and secondlocation data may be based on off-device location data sources.

According to some embodiments, which of two or more location datasources are utilized may be determined in accordance with one or morerules and/or relative rankings (e.g., based on accuracy) of individuallocation data sources and/or combinations of available data sources.Accordingly, determining location data may comprise determine whichlocation data sources are available, and, based on a respectiveprioritization or accuracy ranking of the data sources and potentialcombinations, selecting the first location data source and secondlocation data source that have the highest priority. In someembodiments, at least one on-device location data source and at leastone off-device location data source must be used; in other embodiments,any combination of data sources may be utilized. The following tableprovides some example combinations of example location data sources andauthentication services for non-carrier devices (e.g., desktopcomputers), and example respective rankings of each combination.

Wi-Fi Cell 2-Factor Prior- Trian- Trian- Cell IP Authen- Accuracy ityGPS gulation. gulation Site Address tication Value 1 x x 20 m to 200 m 2x x x 20 m to 200 m 3 x x x 500 m to 25 km 4 x x 500 m to 25 km

The following table provides some example combinations of examplelocation data sources and authentication services for mobile devices(e.g., cell phones, smart phones), and an example respective rankings ofeach combination.

Wi-Fi Cell 2-Factor Prior- Trian- Trian- Cell IP Authen- ity GPSgulation gulation Site Address tication Accuracy 1 x x x 3 m to 10 m 2 xx x 20 m to 200 m 3 x x x 50 m to 25 km 4 x x 3 m to 10 m 5 x x 20 m to200 m 6 x x 50 m to 25 km 7 x x 3 m to 10 m 8 x x 20 m to 200 m 9 x 3 mto 10 m 10 x 50 m to 25 km

According to some embodiments, the method 500 may comprise determiningwhether the first geographical area is wholly located within apredefined area, at 510. As described in this disclosure, it may beadvantageous to determine, in some situations, whether a device is in aparticular area (e.g., to determine whether certain services may beavailable to a user, to assist in rescue or emergency operations).Determining whether the first geographical area is wholly located withina predefined area may comprise looking up (e.g., in a database ofgeolocation data or geolocation analysis rules) or otherwise determiningthe countries, states, provinces, or the like, and/or GPS coordinates,included in a particular predefined area, and/or the location of bordersdefining a particular area. The defined area may then be compared to thearea of the first geographical area to determine whether any of theirrespective GPS coordinates, for example, overlap.

For the purposes of this example method 500, it will be assumed that thefirst location data is derived from a location data source that is atleast as accurate as the data source for the second location data.Accordingly, if the first geographical area is not wholly within thepredefined area, the user and/or user device are denied access torestricted access services, at 520. Otherwise, the method 500 maycontinue to determine whether the first geographical area overlaps thesecond geographical area, at 512. If so, then the method 500 maycontinue to determine that the user device is in the predefined area, at516. Otherwise, the method 500 may determine whether the secondgeographical area is wholly located within the predefined area, at 514.If so, then the method 500 may determine that the user device is in thepredefined area, at 516. Otherwise, the user and/or user device aredenied access to restricted access services, at 520.

According to some embodiments, the method 500 further may comprisedetermining whether a user is in possession of a user's registeredmobile device. Ensuring that a user is actually in possession of his orher mobile device improves confidence in off-device location datasources (e.g., based on cell site triangulation or single cell sites) asbeing representative of a user's and/or user device's actual currentlocation. For example, a two-factor authentication check may beconducted to verify that the user is in possession with the mobiledevice by requiring that the user input, to the user device beinglocated, an authentication code transmitted to the registered mobiledevice. The user device may be the same device as the registered mobiledevice, or may be a different device (e.g., a desktop computer).According to some embodiments, the user must be in possession of theregistered device (according to an example geolocation rule) in orderfor geolocation analysis to conclude that the user device is in apredefined area (e.g., because it is unlikely that the user isattempting to spoof his location). An authentication process may beperformed during a log in process, for example, and/or prior to, during,or after determining location data for the device.

FIGS. 6A-6D depict some example geolocation scenarios based on locationdata derived using multiple location data sources. According to theexample scenario depicted in FIG. 6A, a user has access to a firstlocation data source that is based on Wi-Fi devices. According to theexample, triangulation of the respective location data available foreach of the plurality of Wi-Fi device locations (not shown) providesfirst location data (position 604) for the user device. The locationdata is associated with a first accuracy level 606 (200 m). The examplescenario depicted in FIG. 6A also shows that a second location datasource (a single cell tower) provides second location data, position610, associated with a second accuracy level 612 (10 km). FIG. 6A alsodepicts an example first geographical area 608 associated with theWi-Fi-based position 604 (based on the accuracy level 606) and a secondgeographical area 614 associated with the cell tower position 610 (basedon the accuracy level 612). According to the example, based on the firstand second geographical areas and one or more geolocation rules, becausethe user's triangulated Wi-Fi geographical area 608 is (i) wholly withinthe predefined area 602 and (ii) overlaps with the second geographicalarea 614 (at overlap area 616). This example indicates that the user'sestimated location is both within the boundaries of the predefined areaand that no spoofing has occurred, as the off-device carrier locationoverlaps with the Wi-Fi triangulated position, based on the respectiveaccuracy limitations for each data source. Accordingly, the user may beallowed access to restricted access services via the user device. Insome embodiments, it may be sufficient to allow access to restrictedcontent if at least two location data sources (e.g., the two mostaccurate location data sources) are associated with geographical areasthat are wholly within the predefined jurisdiction 602 (regardless ofwhether they overlap).

According to the example scenario depicted in FIG. 6B, the user may beprohibited from accessing restricted content or services for tworeasons: (1) the triangulated Wi-Fi position of the user device (themore accurate of the two location data sources), taking into account theassociated accuracy value 606, indicates that the user is potentiallyoutside the predefined area 602; and (2) the geographical area 608 doesnot overlap with the second geographical area 614, indicating thatspoofing may have taken place.

Similarly, according to the example scenario depicted in FIG. 6C, theuser may be prohibited from accessing restricted content or servicesbecause, even though the more accurate location data source (thetriangulated Wi-Fi position) indicates the user is wholly within thepredefined area 602, the geographical area 608 does not overlap with thesecond geographical area 614, indicating that spoofing may have takenplace.

According to the example scenario depicted in FIG. 6D, the user may beallowed to access restricted access content or services (e.g., inaccordance with geolocation rules). Even though the less accuratelocation data source (the carrier cell tower at position 610) indicatesthe user device could be outside the predefined area 602, the user'striangulated Wi-Fi location is (i) wholly within the predefinedjurisdiction 602 and (ii) overlaps with the second geographical area 614(at overlap area 616). This example indicates that the user's estimatedlocation is both within the predefined area and that no spoofing hasoccurred.

According to some embodiments, a location data source based on aregistered address for a user may be accessed (e.g., from a userdatabase) in order to determine a jurisdiction in which the user lives.This information may be utilized and/or required in accordance with somegeolocation rules, such as where a location data source indicates a usermight be outside of the predefined jurisdiction. In one example, in theexample scenario depicted in FIG. 6C, a user may be permitted access torestricted content if the user's residential address is in thepredefined area 602 or is close to the border of the predefined area,and/or is in the predefined area and also within the geographical area614, even though the geographical areas do not overlap. In anotherexample, in the example scenario depicted in FIG. 6D, it may be requiredthat the user also have a registered address that is in the predefinedarea 602 or within the geographical area 614 within the predefined area602, before the user is allowed access to restricted content orservices.

Referring now to FIG. 9, a flow diagram of a method 900 according tosome embodiments is shown. FIG. 10 depicts an example system 1000comprising various components described with respect to example process900 of FIG. 9. The method 900 may be performed, for example, by a servercomputer (e.g., Gaming Servers of FIG. 10) and/or a gaming device. Itshould be noted that although some of the steps of method 900 may bedescribed as being performed by a server computer while other steps aredescribed as being performed by a gaming device, any and all of thesteps may be performed by a single computing device which may be agaming server, mobile device, desktop computer, or another computingdevice. Further, any steps described herein as being performed by aparticular computing device may, in some embodiments, be performed byanother computing device as appropriate.

According to some embodiments, the method 900 may comprise a geolocationverification process (also referred to in this disclosure as a“geolocation capture flow”) that may be useful in determining whether agaming device (or other type of user device) is within a predefinedjurisdiction (e.g., in which wager games are permitted). In a first partof the method 900, a user logs in to a gaming application (e.g., anHTML5-based or native client application) from a user device, such as byone of the “Existing Customer” workflows described in FIG. 7 and FIG. 8.

In response to the user attempting to place a wager using the userdevice, the process comprises determining a location of the device(e.g., based on one or more location data sources accessible by thedevice) and/or initiating one or more spoofing check processes to assesswhether the device is attempting to spoof its location. In someembodiments, the device may determine location data based on one or moreavailable data sources, including but not limited to: (i) a GPS datasource (e.g., receiving GPS information from a built-in GPS receiver),(ii) a Wi-Fi data source (e.g., determining one or more Wi-Fi routerdevices in communication with the device), (iii) an SSID data source,and/or (iv) a mobile carrier tower or other cellular device locationdata source.

According to some embodiments, the user device may determine location(and/or time information) based on a global positioning system (GPS), aspace-based satellite navigation system that provides location and timeinformation in diverse weather conditions.

According to some embodiments, the user device may determine one or morerespective SSIDs associated with Wi-Fi networks accessible by the userdevice. As will be readily understood by those of skill in the art, aWi-Fi BSSID is the name of a wireless network visible to a user device.Various map service providers (e.g., Google Maps™ by Google, Inc., Bing™by Microsoft, Apple Maps™ by Apple, Inc.) provide databases storingrespective locations of known BSSIDs. In some embodiments, the accuracyof location information based on Wi-Fi data sources may be dependent onthe number of SSIDs visible and their known locations. For instance, ifonly one SSID is visible, the accuracy value of that data source may beup to 400 m, but if three or more SSIDs are visible, a more accurateposition may be obtained by triangulating the position of the devicebased on the respective location data for all three SSIDs.

In some embodiments, as described in this disclosure, carrier mobiletowers used by mobile operators to serve cellular connections may bequeried using a multilateration technique based on location informationreceived (e.g., by the user device) from two or more radio towers. Inone embodiment, an accuracy level associated with using the user deviceto determine a cellular location based on one or more carrier mobiletowers may be approximately fifty meters.

According to some embodiments, all of the location data sources may bequeried (and results forwarded to a gaming server for geolocationverification). According to some embodiments, one or more of thelocation data sources may be selected for use in determining thelocation of the user device based on a relative ranking of the accuracyof the location data sources (e.g., “High” accuracy, “Low” accuracy)and/or based on respective accuracy values (e.g., 200 meters, 10kilometers, 50 meters) associated with the location data sources.According to some embodiments, location data sources may be queried insuccession, in descending order of accuracy, until a location datasource is found that can provide location information.

As described in this disclosure, the accuracy value associated with alocation data source may be used (e.g., in conjunction with the locationdata received from that location data source), to determine ageographical area representative of the location data (e.g.,substantially a circular area defined by the site of a cell tower andthe accuracy value associated with the cell tower as a location datasource). Information about ranking and/or accuracy values of differentlocation data sources may be stored, for example, in a database (e.g.,geolocation rules DB 414 c, geolocation data 314-2).

In some embodiments, a native client application installed on a gamingdevice may be used to perform one or more spoofing checks to determineif a user is attempting to fake the device's location. For example,spoof checks may be conducted to detect potential spoofing based on oneor more of the following: virtual private networks (VPNs), proxyservers, remote desktop programs, and/or use of specific softwaredesigned to provide fake Wi-Fi, GPS, and/or cellular data to arequesting application.

According to some embodiments, as depicted in example process 900,geolocation data stored by and/or retrieved by the user device may beforwarded to a gaming server and/or geolocation authentication systemfor geolocation analysis.

As used in this disclosure, a “mobile network operator” or “carrier”refers to a provider of wireless cellular services (e.g., for cellphones, smart phones, tablet computers with cellular data connections,etc.). Carriers typically own and operate radio towers for mobiledevices (also referred to in this disclosure as “carrier mobile towers”)that are used to connect a user's mobile device to the carrier'scellular communications network. Each mobile tower has a fixed, knownlocation. Typically, every time a mobile device connects to a radiotower, the associate carrier stores a record of the radio tower to whichit connected. Carrier geolocation (also referred to as “carrierlocation”) uses the stored list of last known radio towers a mobilephone has connected to as a location data source.

Accordingly, in some embodiments, example process 900 may furthercomprise requesting, by the gaming server from a carrier network (e.g.,carrier network server 208), a carrier location of a mobile deviceassociated with a user (e.g., registered mobile device 207). The carriernetwork may, for example, determine one or more carrier mobile towersthe mobile device connected to most recently and determine, based on thelocation data from one or more carrier mobile towers (e.g., based on thegeographic location of the tower(s) and/or based on triangulation usinglocation data from multiple towers), a carrier location of the mobiledevice.

In one embodiment, the example process 900 may further comprise storinglocation data and/or results of spoofing checks in a database (e.g.,user geolocation DB 414 b). In one or more embodiments, the exampleprocess 900 may further comprise analyzing the location and/or spoofinginformation determined by the user device and/or by the gaming server inorder to determination (i) where the user device is located and/or (ii)whether to allow the user device access to restricted access services(e.g., online wagering games).

According to some embodiments, geolocation analysis procedures maycomprise determining which, of a plurality of available location datasources, is the most accurate. Some geolocation rules may comprise, forexample, determining whether the most accurate location data sourceindicates the user device is wholly within the predefined jurisdiction.If not, the geolocation analysis procedure may determine that the userdevice is not permitted to access restricted online services (even ifthe potential geographical area associated with the most accurate datasource overlaps with the geographical area for another location datasource) because of the risk of spoofing.

According to some embodiments, a device geolocation system may comprisea processor and a computer-readable memory in communication with theprocessor, the computer-readable memory storing instructions that whenexecuted by the processor direct the processor to:

determine, using an on-device location data source, first location dataassociated with a device;

determine, using an off-device location data source, second locationdata associated with the device;

determine, based on the first location data and the second locationdata, that the device is within a predefined area;

determine that a user is in possession of the device; and

after determining that the device is within the predefined area andafter determining that the user is in possession of the device,transmitting restricted access content to the device.

Additional Embodiments

According to some embodiments, improved geolocation capabilities may beprovided that optimize which data location data sources are used inorder to decrease power consumption by user devices. In one example,using carrier geolocation as a location data source does not have anyadditional drain on a device's battery because it is based oninformation tracked and stored as the device connects with cell sites onthe carrier network. Accordingly, an initial geolocation determinationprocess for a user device may use GPS, Wi-Fi, cellular radioinformation, or some other more power intensive process, and may also,as discussed in this disclosure, corroborate the location data fromthose data sources with an off-device location data source. However,rather than continuously requesting the most accurate locationinformation from the user's device in subsequent geolocationdetermination, the geolocation verification process may be configured toquery only the carrier for the device's location from time to time(e.g., in accordance with a predetermined schedule or desiredfrequency). In one embodiment, the user device may be queried forlocation information only if the location data received from the carrierindicates that the user's location has changed by more than apredetermined threshold distance (e.g., in accordance with a geolocationrule). In that case, the geolocation verification process may againconsult one or more on-device location data sources. This optimizationof the use of various available location data sources may result inimproved power use by and/or battery life of mobile devices.

Accordingly, some embodiments may provide for systems and methodsproviding for at least one of: determining an initial geolocation for auser device based on an on-device location data source (or based on alocation data source requiring power consumption relatively higher thanother potential location data sources); and determining at least onesubsequent geolocation for the user device based on a carriergeolocation or other type of off-device location data source requiringrelatively lower power consumption than the location data source usedfor the initial geolocation. In some embodiments, determining asubsequent geolocation may comprise making the determination after apredetermined period of time and/or in accordance with a predeterminedfrequency or schedule. In some embodiments, systems and methods mayfurther provide for determining whether to perform a subsequencegeolocation process using at least one on-device location data source(or location data source requiring power consumption relatively higherthan other potential location data sources), either alone or incombination with carrier geolocation or other type of off-devicelocation data source requiring relatively lower power consumption. Insome embodiments, determining whether to use at least one location datasource requiring relatively higher power consumption may compriselooking up (e.g., in a database) respective times required for locationbased on such data sources and/or respective indications of relativerequired power consumption (e.g., a respective power use rating for agiven location data source). In some embodiments, determining whether touse at least one location data source requiring relatively higher powerconsumption may include determining whether the user device is within apredetermined distance of a predefined geographical area, jurisdiction,and/or border (in which case more accurate location data sources may bedesirable even if they require more power from the user device).

In some embodiments, the frequency at which location is determined for agiven user device may be increased or decreased, for example, based onthe determined proximity of the user device to the edge of a predefinedarea or jurisdiction (e.g., how close a user is to a state border).

In some embodiments, as noted above with respect to FIG. 9 and FIG. 10,the restricted online service may comprise a gaming service (e.g., via agaming website or mobile gaming application) and access to the servicemay be restricted to patrons of the gaming service. In one or moreembodiments, in order to participate in online wagering or gamblinggames, for example, a patron's device must be located within an areacoincident with a predefined jurisdiction that permits wager-basedgaming (e.g., a particular state that permits licensed operators toprovide online gambling services to users access a gambling website fromwithin the state's borders).

In some embodiments, the system 200 (and/or portion thereof) maycomprise a restricted access gaming services platform programmed and/orotherwise configured to execute, conduct, and/or facilitate any of thevarious methods and/or portions or combinations thereof describedherein. According to some embodiments, the restricted online server 202may utilize the location data (e.g., location data received from theuser device 204 and/or the carrier network system(s) 208) to determinewhether the user device 204 is in a jurisdiction that permits access towagering games, and if so, permit the user to participate in wageringgames (e.g., via a gaming website and/or via a native client applicationinstalled on a gaming device).

Some embodiments described in this disclosure may provide for using bothon-device geolocation support and off-device geolocation support (e.g.,GSM Cell Site Identification) and allowing patrons to play gamblinggames only if both the on-device geolocation information and theoff-device geolocation information indicate the patron is in anappropriate jurisdiction (e.g., the two datasets match or otherwise areconsistent). Such embodiments may dramatically reduce the risk ofspoofing.

Some embodiments may further provide for utilizing the most accurategeolocation mechanism available and, taking into account the distance tothe border, determining whether or not to allow a player to gamble giventhe worst case scenario.

According to some embodiments, on-device geolocation methods may includeone or more of GPS, GSM, Wi-Fi and IP-based location services, such asthose provided by GeoComply. In some embodiments, off-device geolocationinformation may be provided based on GSM cell site identification, suchas the service provided for mobile devices by Locaid. One or more typesof authentication services may also be utilized, such as the two-factorauthentication across the web provided by Duo Security, in accordancewith some embodiments.

Some embodiments may combine, advantageously, on-device geolocation,off-device geolocation, and authentication services to ensure a highlevel of location confidence, with a reduced risk of workarounds andspoofing. For desktop devices, location of the device may be accuratelydetermined to within 20 and 200 m. For mobile devices, location of thedevice may be determined to within 3 and 500 m accuracy.

According to some embodiments, only devices running a native geolocationapplication may be supported. For desktop devices, for example, a patronmust either have installed a browser plugin, or a desktop application.For mobile devices, for example, such as those running the iOS operatingsystem by Apple, Inc., the patron must have installed an applicationfrom the Apple App Store™. Ensuring a patron has a native client runningon their device reduces the risk of location spoofing and tampering,which is relatively easy with only a browser (e.g., an HTML5-basedgeolocation solution).

Although for purposes of discussion some embodiments described in thisdisclosure may be discussed with respect to mobile devices running theiOS operating system by Apple, it will be understood that variousembodiments may be implemented using native clients for other types ofdevice operating systems (e.g., Windows™ Mobile, Android™ by Google,Inc.).

According to some embodiments, the native applications, such as thebrowser plugin, desktop download client, and/or iOS application may eachcontain client libraries for on-device geolocation functionality. Theselibraries provide the geolocation services to the browser, and may beused for interrogating a variety of geolocation methods available on thedevice.

As discussed in this disclosure, in some embodiments our solution mayaugment the result provided by an on-device service with off-device dataavailable through integration with an off-device service. Some types ofoff-device services (e.g., the Locaid carrier location service) makeavailable cell site information for mobile devices. For example, when amobile device connects to a cell tower, it leaves a footprint in therecords that can be retrieved later.

Through the use of the off-device geolocation service, a geolocationverification process may check whether the on-device location sourceshave been spoofed or whether the phone has been left in an attempt towork around geolocation regulations, as geolocation verification processmay have another location reading as a cross-reference.

For example, a patron leaves his mobile phone at home in New Jersey, andtakes his laptop across the state border to New York, to play at work.In some embodiments, the geolocation verification system would take twolocating readings, one from the phone, which places him within NewJersey, and one from the laptop, which places the patron outside of NewJersey. In this scenario, a geolocation verification process may haveidentified a discrepancy between the on- and off-device readings,potentially indicating that the patron is out of state, as he has notbeen able to spoof both the on- and off-device readings.

Combining multiple locations' readings together (e.g., from at least oneon-device source and at least one off-device source), in accordance withsome embodiments described in this disclosure, gives a strongergeolocation solution. Accessing additional data sources increases thedifficulty for a patron to work around any geolocation restrictions.

For some embodiments, additional measures may be taken to reduce theability for someone to work around the geolocation methods. For example,for on-device sources, natively installed geolocation libraries may beused, rather than relying on a pure browser based approach. In anotherexample, for off-device sources, authentication services may be used(e.g., 2-factor authentication services provided by Duo Security) inconjunction with GSM cell site identification or other type ofoff-device geolocation method.

As discussed in this disclosure, an off-device source (e.g., Locaid) maybe used, in accordance with some embodiments, to increase the confidencein the results obtained using on-device data location sources. In someembodiments, however, an off-device source may be used as a geolocationsource in its own right. A location determined by Locaid could, forexample, depending on the methods available on the device, be thestrongest source available to locate a patron.

Some of the embodiments advantageously may remove the risk of a patronleaving a mobile phone or cellular device in one location (e.g., inorder to be located in New Jersey), when in fact the patron is in adifferent location (e.g., outside of New Jersey). For example, using acarrier network-based service in conjunction with an authenticationservice to strongly authenticate a patron on a site (e.g., a gamingsite) may provide an increased level of security, while also ensuringthat the patron is in possession of their mobile device at the start ofa gaming session. For instance, where a mobile device used as the secondfactor during an authenticated login is the same device that is used foroff-device carrier geolocation, a restricted access service provider mayhave greater confidence in the off-device location results because theuser is with the mobile device being tracked by the carrier.

Interpretation

Numerous embodiments are described in this patent application, and arepresented for illustrative purposes only. The described embodiments arenot, and are not intended to be, limiting in any sense. The presentlydisclosed invention(s) are widely applicable to numerous embodiments, asis readily apparent from the disclosure. One of ordinary skill in theart will recognize that the disclosed invention may be practiced withvarious modifications and alterations, such as structural, logical,software, and/or electrical modifications. Although particular featuresof the disclosed invention(s) may be described with reference to one ormore particular embodiments and/or drawings, it should be understoodthat such features are not limited to usage in the one or moreparticular embodiments or drawings with reference to which they aredescribed, unless expressly specified otherwise.

The present disclosure is neither a literal description of allembodiments nor a listing of features that must be present in allembodiments.

Neither the Title (set forth at the beginning of the first page of thisdisclosure) nor the Abstract (set forth at the end of this disclosure)is to be taken as limiting in any way the scope of the disclosedinvention(s).

Throughout the description and unless otherwise specified, the followingterms may include and/or encompass the example meanings provided below.These terms and illustrative example meanings are provided to clarifythe language selected to describe embodiments both in the specificationand in the appended claims, and accordingly, are not intended to belimiting.

The terms “an embodiment”, “embodiment”, “embodiments”, “theembodiment”, “the embodiments”, “one or more embodiments”, “someembodiments”, “one embodiment” and the like mean “one or more (but notall) disclosed embodiments”, unless expressly specified otherwise.

The terms “the invention” and “the present invention” and the like mean“one or more embodiments of the present invention.”

A reference to “another embodiment” in describing an embodiment does notimply that the referenced embodiment is mutually exclusive with anotherembodiment (e.g., an embodiment described before the referencedembodiment), unless expressly specified otherwise.

The terms “including”, “comprising” and variations thereof mean“including but not limited to”, unless expressly specified otherwise.

The terms “a”, “an” and “the” mean “one or more”, unless expresslyspecified otherwise.

The term “plurality” means “two or more”, unless expressly specifiedotherwise.

The term “herein” means “in the present disclosure, including anythingwhich may be incorporated by reference”, unless expressly specifiedotherwise.

The phrase “at least one of”, when such phrase modifies a plurality ofthings (such as an enumerated list of things) means any combination ofone or more of those things, unless expressly specified otherwise. Forexample, the phrase at least one of a widget, a car and a wheel meanseither (i) a widget, (ii) a car, (iii) a wheel, (iv) a widget and a car,(v) a widget and a wheel, (vi) a car and a wheel, or (vii) a widget, acar and a wheel.

The phrase “based on” does not mean “based only on”, unless expresslyspecified otherwise. In other words, the phrase “based on” describesboth “based only on” and “based at least on”.

Where a limitation of a first claim would cover one of a feature as wellas more than one of a feature (e.g., a limitation such as “at least onewidget” covers one widget as well as more than one widget), and where ina second claim that depends on the first claim, the second claim uses adefinite article “the” to refer to the limitation (e.g., “the widget”),this does not imply that the first claim covers only one of the feature,and this does not imply that the second claim covers only one of thefeature (e.g., “the widget” can cover both one widget and more than onewidget).

Each process (whether called a method, algorithm or otherwise)inherently includes one or more steps, and therefore all references to a“step” or “steps” of a process have an inherent antecedent basis in themere recitation of the term “process” or a like term. Accordingly, anyreference in a claim to a “step” or “steps” of a process has sufficientantecedent basis.

When an ordinal number (such as “first”, “second”, “third” and so on) isused as an adjective before a term, that ordinal number is used (unlessexpressly specified otherwise) merely to indicate a particular feature,such as to distinguish that particular feature from another feature thatis described by the same term or by a similar term. For example, a“first widget” may be so named merely to distinguish it from, e.g., a“second widget”. Thus, the mere usage of the ordinal numbers “first” and“second” before the term “widget” does not indicate any otherrelationship between the two widgets, and likewise does not indicate anyother characteristics of either or both widgets. For example, the mereusage of the ordinal numbers “first” and “second” before the term“widget” (1) does not indicate that either widget comes before or afterany other in order or location; (2) does not indicate that either widgetoccurs or acts before or after any other in time; and (3) does notindicate that either widget ranks above or below any other, as inimportance or quality. In addition, the mere usage of ordinal numbersdoes not define a numerical limit to the features identified with theordinal numbers. For example, the mere usage of the ordinal numbers“first” and “second” before the term “widget” does not indicate thatthere must be no more than two widgets.

As used in this disclosure, a “user” may generally refer to anyindividual and/or entity that operates a user device. Users maycomprise, for example, patrons of a gaming website, customers,consumers, etc.

Some embodiments may be associated with a “user device” or a “networkdevice”. As used in this disclosure, the terms “user device” and“network device” may be used interchangeably and may generally refer toany device that can communicate via a network. Examples of user ornetwork devices include a personal computer (PC), a workstation, aserver, a printer, a scanner, a facsimile machine, a copier, a personaldigital assistant (PDA), a storage device (e.g., a disk drive), a hub, arouter, a switch, and a modem, a video game console, or a wirelessphone. User and network devices may comprise one or more communicationor network components.

Some embodiments may be associated with a “network” or a “communicationnetwork”. As used in this disclosure, the terms “network” and“communication network” may be used interchangeably and may refer to anyobject, entity, component, device, and/or any combination thereof thatpermits, facilitates, and/or otherwise contributes to or is associatedwith the transmission of messages, packets, signals, and/or other formsof information between and/or within one or more network devices. Insome embodiments, networks may be hard-wired, wireless, virtual, neural,and/or any other configuration or type of network that is or becomesknown. Networks may comprise any number of computers and/or other typesof devices in communication with one another, directly or indirectly,via a wired or wireless medium such as the Internet, LAN, WAN orEthernet (or IEEE 802.3), Token Ring, RF, cable TV, satellite links, orvia any appropriate communications means or combination ofcommunications means. In some embodiments, a network may include one ormore wired and/or wireless networks operated in accordance with anycommunication standard or protocol that is or becomes known orpracticable. Exemplary protocols for network communications include butare not limited to: the Fast Ethernet LAN transmission standard802.3-2002® published by the Institute of Electrical and ElectronicsEngineers (IEEE), Bluetooth™, Time Division Multiple Access (TDMA), CodeDivision Multiple Access (CDMA), Global System for Mobile communications(GSM), Enhanced Data rates for GSM Evolution (EDGE), General PacketRadio Service (GPRS), Wideband CDMA (WCDMA), Advanced Mobile PhoneSystem (AMPS), Digital AMPS (D-AMPS), IEEE 802.11 (WI-FI), IEEE 802.3,SAP, the best of breed (BOB), system to system (S2S), or the like.Communication between and/or among devices may be encrypted to ensureprivacy and/or prevent fraud in any one or more of a variety of wayswell known in the art.

Devices that are in communication with each other need not be incontinuous communication with each other, unless expressly specifiedotherwise. On the contrary, such devices need only transmit to eachother as necessary or desirable, and may actually refrain fromexchanging data most of the time. For example, a machine incommunication with another machine via the Internet may not transmitdata to the other machine for weeks at a time. In addition, devices thatare in communication with each other may communicate directly orindirectly through one or more intermediaries.

As used in this disclosure, the term “network component” may refer to anetwork device, or a component, piece, portion, or combination of anetwork device. Examples of network components may include a StaticRandom Access Memory (SRAM) device or module, a network processor, and anetwork communication path, connection, port, or cable.

As used in this disclosure, the terms “information” and “data” may beused interchangeably and may refer to any data, text, voice, video,image, message, bit, packet, pulse, tone, waveform, and/or other type orconfiguration of signal and/or information. Information may compriseinformation packets transmitted, for example, in accordance with theInternet Protocol Version 6 (IPv6) standard as defined by “InternetProtocol Version 6 (IPv6) Specification” RFC 1883, published by theInternet Engineering Task Force (IETF), Network Working Group, S.Deering et al. (December 1995). Information may, according to someembodiments, be compressed, encoded, encrypted, and/or otherwisepackaged or manipulated in accordance with any method that is or becomesknown or practicable.

In addition, some embodiments described in this disclosure areassociated with an “indication”. The term “indication” may be used torefer to any indicia and/or other information indicative of orassociated with a subject, item, entity, and/or other object and/oridea. As used in this disclosure, the phrases “information indicativeof” and “indicia” may be used to refer to any information thatrepresents, describes, and/or is otherwise associated with a relatedentity, subject, or object. Indicia of information may include, forexample, a code, a reference, a link, a signal, an identifier, and/orany combination thereof and/or any other informative representationassociated with the information. In some embodiments, indicia ofinformation (or indicative of the information) may be or include theinformation itself and/or any portion or component of the information.In some embodiments, an indication may include a request, asolicitation, a broadcast, and/or any other form of informationgathering and/or dissemination.

“Determining” something may be performed in a variety of manners andtherefore the term “determining” (and like terms) includes calculating,computing, deriving, looking up (e.g., in a table, database or datastructure), ascertaining, recognizing, and the like.

A “processor” means any one or more microprocessors, Central ProcessingUnit (CPU) devices, computing devices, microcontrollers, digital signalprocessors, or like devices. Examples of processors include, withoutlimitation, INTEL's PENTIUM, AMD's ATHLON, or APPLE's A6 processor.

When a single device or article is described in this disclosure, morethan one device or article (whether or not they cooperate) mayalternatively be used in place of the single device or article that isdescribed. Accordingly, the functionality that is described as beingpossessed by a device may alternatively be possessed by more than onedevice or article (whether or not they cooperate). Where more than onedevice or article is described in this disclosure (whether or not theycooperate), a single device or article may alternatively be used inplace of the more than one device or article that is described. Forexample, a plurality of computer-based devices may be substituted with asingle computer-based device. Accordingly, functionality that isdescribed as being possessed by more than one device or article mayalternatively be possessed by a single device or article. Thefunctionality and/or the features of a single device that is describedmay be alternatively embodied by one or more other devices that aredescribed but are not explicitly described as having such functionalityand/or features. Thus, other embodiments need not include the describeddevice itself, but rather can include the one or more other devices thatwould, in those other embodiments, have such functionality/features.

A description of an embodiment with several components or features doesnot imply that any particular one of such components and/or features isrequired. On the contrary, a variety of optional components aredescribed to illustrate the wide variety of possible embodiments of thepresent invention(s). Unless otherwise specified explicitly, nocomponent and/or feature is essential or required.

Further, although process steps, algorithms or the like may be describedor depicted in a sequential order, such processes may be configured towork in one or more different orders. In other words, any sequence ororder of steps that may be explicitly described or depicted does notnecessarily indicate a requirement that the steps be performed in thatorder. The steps of processes described in this disclosure may beperformed in any order practical. Further, some steps may be performedsimultaneously despite being described or implied as occurringnon-simultaneously (e.g., because one step is described after the otherstep). Moreover, the illustration of a process by its depiction in adrawing does not imply that the illustrated process is exclusive ofother variations and modifications, does not imply that the illustratedprocess or any of its steps is necessary to the invention, and does notimply that the illustrated process is preferred.

It will be readily apparent that the various methods and algorithmsdescribed in this disclosure may be implemented by, e.g., appropriately-and/or specially-programmed general purpose computers and/or computingdevices. Typically a processor (e.g., one or more microprocessors) willreceive instructions from a memory or like device, and execute thoseinstructions, thereby performing one or more processes defined by thoseinstructions. Further, programs that implement such methods andalgorithms may be stored and transmitted using a variety of media (e.g.,computer-readable media) in a number of manners. In some embodiments,hard-wired circuitry or custom hardware may be used in place of, or incombination with, software instructions for implementation of theprocesses of various embodiments. Thus, embodiments are not limited toany specific combination of hardware and software.

Accordingly, a description of a process likewise describes at least oneapparatus for performing the process, and likewise describes at leastone computer-readable medium and/or computer-readable memory forperforming the process. The apparatus that performs a described processmay include components and/or devices (e.g., a processor, input andoutput devices) appropriate to perform the process. A computer-readablemedium may store program elements and/or instructions appropriate toperform a described method.

The term “computer-readable medium” refers to any medium thatparticipates in providing data (e.g., instructions or other information)that may be read by a computer, a processor, or a like device. Variousforms of computer-readable media may be involved in carrying data,including sequences of instructions, to a processor. For example,sequences of instruction (i) may be delivered from RAM to a processor,(ii) may be carried over a wireless transmission medium, and/or (iii)may be formatted according to any one or more of various known formats,standards, or protocols (some examples of which are described in thisdisclosure with respect to communication networks).

Computer-readable media may take many forms, including but not limitedto, non-volatile media, volatile media, and transmission media.Non-volatile media may include, for example, optical or magnetic disksand other types of persistent memory. Volatile media may include, forexample, DRAM, which typically constitutes the main memory for acomputing device. Transmission media may include, for example, coaxialcables, copper wire, and fiber optics, including the wires that comprisea system bus coupled to the processor. Transmission media may include orconvey acoustic waves, light waves, and electromagnetic emissions, suchas those generated during RF and IR data communications. Common forms ofcomputer-readable media include, for example, a floppy disk, a flexibledisk, a hard disk, magnetic tape, any other magnetic medium, a CD-ROM,DVD, any other optical medium, a punch card, paper tape, any otherphysical medium with patterns of holes, a RAM, a PROM, an EPROM, aFLASH-EEPROM, a Universal Serial Bus (USB) memory stick or thumb drive,a dongle, any other memory chip or cartridge, a carrier wave, or anyother medium from which a computer can read.

The term “computer-readable memory” may generally refer to a subsetand/or class of non-transitory computer-readable medium that does notinclude intangible or transitory signals, waves, waveforms, carrierwaves, electromagnetic emissions, or the like. Computer-readable memorymay typically include physical, non-transitory media upon which data(e.g., instructions or other information) are stored, such as optical ormagnetic disks and other persistent memory, DRAM, a floppy disk, aflexible disk, hard disk, magnetic tape, any other magnetic medium, aCD-ROM, DVD, any other optical medium, punch cards, paper tape, anyother physical medium with patterns of holes, a RAM, a PROM, an EPROM, aFLASH-EEPROM, USB devices, any other memory chip or cartridge, and thelike.

Where databases are described, it will be understood by one of ordinaryskill in the art that (i) alternative database structures to thosedescribed may be readily employed, and (ii) other memory structuresbesides databases may be readily employed. Any illustrations ordescriptions of any sample databases presented in this disclosure areillustrative arrangements for stored representations of information. Anynumber of other arrangements may be employed besides those suggested by,e.g., tables illustrated in drawings or elsewhere. Similarly, anyillustrated entries of the databases represent exemplary informationonly; one of ordinary skill in the art will understand that the numberand content of the entries may be different from those described in thisdisclosure. Further, despite any depiction of the databases as tables,other formats (including relational databases, object-based models,hierarchical electronic file structures, and/or distributed databases)could be used to store and/or manipulate the described data. Likewise,object methods or behaviors of a database may be used to implement oneor more of various processes, such as those described in thisdisclosure. In addition, the databases may, in a known manner, be storedlocally and/or remotely from a device that accesses data in such adatabase. Furthermore, while unified databases may be contemplated, itis also possible that the databases may be distributed and/or duplicatedamongst a variety of devices.

The present disclosure provides, to one of ordinary skill in the art, anenabling description of several embodiments and/or inventions. Some ofthese embodiments and/or inventions may not be claimed in the presentapplication, but may nevertheless be claimed in one or more continuingapplications that claim the benefit of priority of the presentapplication. Applicants intend to file additional applications to pursuepatents for subject matter that has been disclosed and enabled but notclaimed in the present application.

What is claimed is:
 1. A device geolocation system for securing accessto restricted access services, comprising: a processor; and acomputer-readable memory in communication with the processor, thecomputer-readable memory storing instructions that when executed by theprocessor direct the processor to: receive, from a user device, arequest to grant a user access, via the user device, to a restrictedaccess service that is restricted to users located in a predefined area;determine that the user is in possession of a mobile device registeredwith the restricted access service; determine, using a first locationdata source, first location data associated with the user device,wherein the first location data source is associated with a firstaccuracy value; determine, using a second location data source, secondlocation data associated with the user device, wherein the secondlocation data source is associated with a second accuracy value;determine a first geographical area based on the first location data andthe first accuracy value, wherein the first geographical area includesand is greater than a first location associated with the user device;determine that the first geographical area is wholly located within thepredefined area; determine a second geographical area based on thesecond location data and the second accuracy value; after determiningthe first geographical area, determine that the following conditions aresatisfied: (i) the first geographical area and the second geographicalarea overlap, and (ii) the second geographical area is wholly locatedwithin the predefined area; after determining that the conditions aresatisfied and determining that the user is in possession of the mobiledevice registered with the restricted access service, determine that theuser device is located in the predefined area; and allow the user deviceto access the restricted access service.
 2. The device geolocationsystem of claim 1, wherein allowing the user device to access therestricted access service comprises: allowing the user to place a wagerin an online wagering game.
 3. The device geolocation system of claim 1,wherein the user device is the mobile device.
 4. The device geolocationsystem of claim 1, wherein determining that the user is in possession ofthe mobile device registered with the restricted access servicecomprises: transmitting an authentication code to the mobile device;receiving a code from the user device; and verifying that the codereceived from the user device is the one-time authentication codetransmitted to the mobile device.
 5. The device geolocation system ofclaim 4, wherein the authentication code is a one-time authenticationcode.
 6. The device geolocation system of claim 1, wherein at least oneof the first location data source and the second location data sourcecomprises an on-device location data source.
 7. The device geolocationsystem of claim 6, wherein the on-device location data source comprisesa GPS receiver.
 8. The device geolocation system of claim 6, wherein theon-device location data source comprises a location data source based onone or more Wi-Fi networks.
 9. The device geolocation system of claim 6,wherein the on-device location data source comprises a location datasource based on information received by the user device from one or morecell sites.
 10. The device geolocation system of claim 1, wherein atleast one of the first location data source and the second location datasource comprises an off-device location data source.
 11. The devicegeolocation system of claim 9, wherein the off-device location datasource comprises information received from a carrier network incommunication with the mobile device.
 12. The device geolocation systemof claim 1, wherein the first location data comprises an indication of afirst geographic location identified by an on-device location datasource, wherein the first accuracy value comprises a first accuracyradius, and wherein the first geographical area comprises asubstantially circular geographical area defined by the first geographiclocation and the first accuracy radius.
 13. The device geolocationsystem of claim 1, wherein the instructions when executed by theprocessor further direct the processor to: determine a registeredaddress associated with the user; and determine that the registeredaddress is located in the predefined area.
 14. The device geolocationsystem of claim 12, wherein the step to determine that the user deviceis located in the predefined area comprises: after determining that atleast one of the conditions is satisfied, after determining that theuser is in possession of the mobile device registered with therestricted access service, and after determining that the registeredaddress is located in the predefined area, determine that the userdevice is located in the predefined area.
 15. The device geolocationsystem of claim 1, wherein the instructions when executed by theprocessor further direct the processor to: determine, based on the firstaccuracy value and the second accuracy value, that the first datalocation source is not less accurate than the second location datasource.
 16. The device geolocation system of claim 1, wherein theinstructions when executed by the processor further direct the processorto: select the first location data source from a plurality of availablelocation data sources.
 17. The device geolocation system of claim 1,wherein the instructions when executed by the processor further directthe processor to: determine, for each of a plurality of availablelocation data sources, a respective accuracy value.
 18. The devicegeolocation system of claim 1, wherein the instructions when executed bythe processor further direct the processor to: determine, for each of aplurality of available combinations of location data sources, at leastone of: a respective accuracy value for the combination and a respectivepriority for the available combination.
 19. The device geolocationsystem of claim 1, wherein determining that the user device is locatedin the predefined area comprises determining that the user device islocated in the predefined area based on at least one geolocation rule.20. The device geolocation system of claim 1, wherein the instructionswhen executed by the processor further direct the processor to: transmita request for a spoofing check for the user device; and receive, fromthe user device, an indication that the user device passes the spoofingcheck.
 21. A device geolocation system for securing access to restrictedaccess services, comprising: a processor; and a computer-readable memoryin communication with the processor, the computer-readable memorystoring instructions that when executed by the processor direct theprocessor to: transmit, to a mobile device registered by a user with arestricted access service, a one-time code, wherein the restrictedaccess service is restricted to users located in a predefined area;receive, from the mobile device, the one-time code; determine, based onreceiving the one-time code, that the user is in possession of themobile device; receive, from the mobile device, a request to grant theuser access, via the mobile device, to the restricted access service;transmit a request for a spoofing check for the mobile device; receive,from the mobile device, an indication that the mobile device passes thespoofing check; transmit, to the mobile device, a request for a locationof the mobile device; receive, from the mobile device, first locationdata associated with the mobile device, wherein the first location datais associated with a first accuracy value; after receiving the firstlocation data from the mobile device, transmit, to a carrier networkassociated with the mobile device, a request for a carrier location ofthe mobile device; receiving, from the carrier network, carrier locationdata associated with the mobile device, the carrier location dataincluding an indication of a carrier location of the mobile device;wherein the second location data is associated with a second accuracyvalue; determine, based on the first accuracy value and the secondaccuracy value, that the first data location data is not less accuratethan the second location data; determine a first geographical area basedon the first location data and the first accuracy value, wherein thefirst geographical area includes and is greater than a first locationassociated with the mobile device; determine that the first geographicalarea is wholly located within the predefined area; determine a secondgeographical area based on the carrier location data and the secondaccuracy value; after determining the first geographical area, determinethat the following conditions are satisfied: (i) the first geographicalarea and the second geographical area overlap, and (ii) the secondgeographical area is wholly located within the predefined area; afterdetermining that the conditions are satisfied, after determining thatthe user is in possession of the mobile device registered with therestricted access service, and after receiving the spoofing information,determine that the user device is located in the predefined area; andallow the mobile device to access the restricted access service.
 22. Adevice geolocation system for securing access to restricted accessservices, comprising: a processor; and a computer-readable memory incommunication with the processor, the computer-readable memory storinginstructions that when executed by the processor direct the processorto: receive, from a user device, a request to grant a user access, viathe user device, to a restricted access service that is restricted tousers located in a predefined area; determine whether the user is inpossession of a mobile device registered with the restricted accessservice; determine, using a first location data source, first locationdata associated with the user device, wherein the first location datasource is associated with a first accuracy value; determine, using asecond location data source, second location data associated with theuser device, wherein the second location data source is associated witha second accuracy value; determine a first geographical area based onthe first location data and the first accuracy value, wherein the firstgeographical area includes and is greater than a first locationassociated with the mobile device; determine a second geographical areabased on the second location data and the second accuracy value; afterdetermining the first geographical area, determine that the followingcondition is satisfied: (i) the second geographical area is not whollylocated within the predefined area and the second geographical area alsodoes not overlap with the first geographical area; in response todetermining that condition is satisfied, denying the user access, viathe user device, to the restricted access service.
 23. The devicegeolocation system of claim 22, wherein the instructions when executedby the processor further direct the processor to: determine, based onthe first accuracy value and the second accuracy value, that the firstdata location source is not less accurate than the second location datasource.